My sincerest apologies for any inconvenience that this has caused any of you, as I know that there's nothing more annoying that seeing a spambot flood any part of a forum with pointless nonsensical messages that barely manage to advertise whatever it's here to try and sell us. It might be frustrating, but please understand that we Creaturetopia staff do our best to keep things running smoothly here, and that we can't be here 24/7 to keep a constant watch over the forums. If you see a spam topic in the future, just ignore it, as it'll be gone in the next day or so. You can report it if you like, but honestly, spambot topics are pretty easy for us to spot

If you feel that it's absolutely necessary for you to complain about all this, you're welcome to do so here

No, really. I've hosted/admin'd three or four forums and moderated I dunno how many others and spambots are always a pain, so I understand.

Granted, it was never -that- much of a huge pain because most of the forums I worked on were secret private cults that required admin approval for account activation, but that didn't stop them from trying, and when the account list of inactive spambots was starting to catch up to the account list of actual members, it was a little bothersome (though, it did make us look a lot more popular than we were, haha). Eventually I set something up to essentially remove the "personal website" forms from the sign-up page, and since the bots aren't actually looking at the page but sending in information to what they believe is a typical phpbb signup page, if they tried to send in personal website information it would refuse the registration. It was pretty effective.

Admittedly, that was a long time ago and phpbb has since changed and spambots have gotten smarter, so there's probably better methods out there these days.

What about those boxes with the "disguised" letter combinations you have to type in? Like the sort of thing they have on Wikipedia to make sure unregistered folks aren't spammers. I always forget what they're called, but you only have to do it the first time you sign up, so if you're already a member there's no extra hassle.

Captcha? We do have that here, but spambots find ways around it, either by being able to figure it out or by getting other real people to do it for them.

I remember reading that usually a lot of those fishy "free ipod!" etc ads have several places along the information-gathering process that make you enter captchas. Most of them are actually directly pulled from forums and other sites that require captchas for sign up, so every time someone tries to sign up for one of those offers, not only are they getting themselves spammed, they're helping spambots to register

Captcha does help, in the sense that we only see a ton of spam posts every few days rather than it completely overrun the forum, but it doesn't keep them out entirely, unfortunately.

Unfortunately I'm just a mod, and when it comes to spambots cleaning up afterwards is basically all I'm good for... But these suggestions all seem pretty good, I'll be sure to let the other staff members know to read through them and see what's doable.

Robots.txt does not combat spambots AFAIK, it only keeps away "polite" webcrawlers/spiders who choose to respect the wishes of others.

Suspending registration is a bit harsh, but it might be worth trying. In my experience though once a forum is on a spambot "list" it's usually never removed as it barely hurts them to continue to try to run automated scripts on the page, but there are some cases in which actual people are registering the accounts, in which case we might get removed by shutting down for a few days.

What version of phpBB is this forum running on? Upgrading it to the most recent version might offer a bit more security (though that is not always the case...).

Buuut really, that's stuff you have to get admins involved in, so in the meantime the mods are just stuck deleting as fast as the can (Poor 3kul )

I might suggest in the meantime electing a temporary Spam Squad of people only given the ability to move threads from one forum section to another (in this case, a spam forum not visible to the general public) for later deletion and banning by fully-fledged mods. Just to keep everything cleaned up as quickly as possible. But I'm pretty sure setting a group like that also requires Admin powers too, so again, it's a waiting game. The Admins here don't seem to be terribly active (they don't post all that often, anyway).

Woah! Sorry we let things get so messed up, really wasn't supposed to happen!Thanks for your patience and understanding everyone.

As of now the following methods are in place:a) You now have to be logged in to see the forum. It might be a pain for some people (me for one) but it does seem to deter spam bots from trying to sign up.b) New accounts have to be activated by an admin before they can be used. Kind of a middle ground between the current system and blocking new members completely. It probably will slow things down a bit (although the activations are done via email so even if we aren't here every day the admins will know when someone wants to sign up), but I think most of those who are interested have probably signed up already.c) I've allowed the forum to use it's own built-in filter which stops IP addresses registered as used by spam bots from signing up. This is the one I'm most skeptical about, so if anyone has any problems because of it give us a yell somewhere (I'm going to double check in a minute and make sure I'm registered on all the other Creatures forums with the right email and MSN displayed), but hopefully it should be a big help.

Updating the forum software should also help a lot, especially since I think a new version has been released recently, but that will have to wait until I'm on my own computer or DP can do it. On my end that'll be Monday at the earliest, 10th or 11th of June if not. (I think I need a laptop, even if I do hate them).

Later on and/or if this doesn't fix the problem I'll be looking into simpler methods of restricting them (I like the random question approach Officer mentioned), but this should work in the short term at least.

Edit: If anyone notices the forum constantly running slow, especially when you're posting anything, let me know as that is apparently a possible effect of c). I think it might be happening to me but as I've never been on here with this computer before I can't be 100% sure what's causing it.

I do hope this is quite temporary though... making the forum invisible to non-registered users really isolates us as a community, especially since there are articles on the Cwiki that link to threads here, and so on... it also might deter real people from signing up as much as bots-- I know I get iffy about signing up on a forum I can't see.

There are a lot of mods out there that aren't all that tricky to install to deter spambots, so hopefully we can go that route soon enough... I understand it's probably necessary for the time being but it just feels so...isolating I do appreciate the work you guys put into this though. Better than the place being littered with nonsense text and ads.

I agree with Amaikokonut about hiding the forums. I don't like the idea of the boards being readable to members only because it excludes non-members from reading the threads, and not all non-members are non-members by choice. My parents didn't allow me to register on any forums until I was... well, actually, when I joined the CC I kind of did it behind their backs. >_> I think they're completely unaware of the fact that I'm an active member at over a dozen different forums right now.

And, to be honest, I don't see how hiding the forums is an effective spambot deterrent. My knowledge of spambots is limited, but my understanding is that they register for any forum they stumble upon, regardless of content or post/member count, and then post whatever the heck they were programmed to spread.

I do appreciate that you're trying to prevent future spam attacks, though.

You have to be honest with yourself when you are writing. If that leads to somewhere unexpected then perhaps you really needed to go there.-- Jim Adkins

a) You now have to be logged in to see the forum. It might be a pain for some people (me for one) but it does seem to deter spam bots from trying to sign up.

I think the fact that registrations are moderated will do much more than hiding the forums, from my experience with spambots at SHS. I think hiding the forums is going to do a lot more harm than good, because as Officer and Amaikokonut said, it isolates the community and "scares off" anyone new.

I know I wouldn't want to join a community that's basically invite-only.

Believe me I don't like it either. As soon as I can get back on my computer and put some better methods in place (some of which require FTP access which I don't have from here) things will be back to normal, this is just a short term solution.

I don't know if this is related, given the talk about hiding the forum I was thinking it might be. The thing is I can't view my Genetics Kit spawns Siamese topic. I can go into the development forum, look at whatever I want, but if I try to click that topic it says "you are not authorized to view this forum". I mean seriously, I created that topic! I'm logged in, even! Why can't I look at it? It doesn't make sense.

I haven't consistently checked every single thread, but I haven't had any problems with any of the other threads I've looked at, just this one.

I just checked your thread, I can see it fine and I don't see any reason you shouldn't...

[Edit] Just did some checking, and I have found the difficulty. In checking your permissions I saw nothing wrong, but I browsed to the thread in question and discovered the problem. There is apparently a minor error in the PHP tables as concerns your thread, ghosthande. Instead of clicking on your latest post icon in the thread, you should click the topic title. By doing so, you'll see you can view your thread. The error appears to have occured at the time of the posting, and may or may not be due to some settings that have been changed in the forum recently. I'll talk about it with Danikat. In any case it's very minor, and shouldn't affect you in future. If it does, send a pm to one of the admins/mods so we can see about a fix for you.

If any of you other members find this happening to you please post a pm to an admin/mod immediately to let us know the problem is more widespread than we might have originally thought.

I noticed that same thing with that that.. the authorization thing. The thread is fine when you click on the title; the forum seems to have eaten the last post though, because even though it says the last post was by Ghosthande, the last post that will load is the older one by Norngirl.